Ryan Naraine
@ryanaraine
Followers
27,739
Following
878
Media
1,577
Statuses
29,789
I write about hackers and the business of cybersecurity. Podcast + newsletter: . Columns: @securityweek . Conference: @labscon_io
Joined August 2007
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Usyk
• 429326 Tweets
WALK IN SKECHERS WITH APO
• 221824 Tweets
Joshua
• 138580 Tweets
オークス
• 99177 Tweets
#RingOfFire
• 67981 Tweets
#precure
• 66249 Tweets
プリキュア
• 50271 Tweets
#ブンブンジャー
• 40702 Tweets
#nitiasa
• 36072 Tweets
しんちゃん
• 23789 Tweets
ゴーオンジャー
• 22713 Tweets
#仮面ライダーガッチャード
• 22152 Tweets
切り取り
• 15462 Tweets
しんのすけ
• 14988 Tweets
Hardy
• 11717 Tweets
コラボ回
• 10381 Tweets
New emojis in iOS 14.5 means that BILLIONS of security patches will be applied today. Incentives matter.
20
447
3K
iPad hardware microphone disconnects via sensor when the case is closed
27
333
2K
A discontinued insulin pump is in demand *because* it contains a security vuln that can be exploited to provide healthcare
25
934
1K
So far, 66 documented 0day attacks in 2021:
- Microsoft: 20 (Exchange, Offfice, IE, PrintSpooler, Windows kernel, etc.)
- Apple 15 (iOS, macOS, WebKit, etc.)
- Google: 11 (7 Chrome, 4 Android)
- Sonicwall - 4
- Adobe - 2
19
395
1K
Outgoing notifications: "Okta is currently experiencing a trust event that potentially affects your organization."
Is that we're calling it now? A trust event?
54
140
1K
Everytime I bump into Apple security friends at cons, I ask them to peek at my iOS settings for red-flags. The first place they tap is to look at installed configuration profiles
20
261
608
Apple iOS 16.1 is out, includes fix for "actively exploited" zero-day (CVE-2022-42827).
6
181
587
Three cybersecurity acquisitions this week:
- FireEye buys Verodin - $250M
- Palo Alto buys Twistlock - $410M
- Insight Partners buys Recorded Future - $780M
$1.44 billion
8
272
563
"VMware has confirmed exploit code leveraging CVE-2022-39144 against VCF (NSX-V) has been published."
👆🏽remote code execution, CVSS 9.8/10
4
170
495
Wait, what!?! UFC using a crypto-currency miner on its PPV streaming service
29
279
399
"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM..."
Fresh Windows 0day (CVE-2022-26925)
10
128
413
Azure Backdoors: How to Hide Them, How to Find Them
Conclusion: "There has never been a better time than right now to get involved in Azure abuse research."
Watch the
@_wald0
talk:
Slides:
1
115
405
Let's hear from a cybersecurity vendor that has raised $925 million in funding at $5.1 billion valuation
17
64
396
So, some personal news: I've joined
@window
's team at Intel to work on security community engagement. Get in touch and let's talk (DMs open)
44
26
367
Pretty significant Project Zero findings 🩹
18 zero-days in Samsung Exynos chipsets, some nasty enough to cause "Internet-to-baseband remote code execution" with no user interaction.
Attacker only needs victim's phone number 👩
Quick story:
4
174
359
Microsoft Patch Tuesday is a doozy this month:
- 114 documented CVEs
- 4 critical MS Exchange Server vulns
- 2 pre-auth code execution vulns found by NSA
- 1 in-the-wild 0day found by Kaspersky ninja
@oct0xor
- 0 Pwn2Own bugs fixed
2
182
351
An all-female edition of new CISO hirings
- Latha Maripuri (formerly NewsCorp) is new Uber CISO
- Nike's Jameeka Green Aaron is the new CISO at Auth0
- Laura Deaner is new CISO at Northwestern Mutual
- Ally Miller (former BofA) is the new CISO at Reddit
7
60
307
Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.
A big win for sharing IOCs:
"On October 13, 2023, BeyondTrust provided Okta Security a suspicious IP address attributed to the threat actor. With this indicator, we identified the additional file access events associated with the compromised account."
0
3
29
16
79
301
Get off Twitter and patch your iPhones
Apple says new WebKit bug "actively exploited"
12
198
297
A weekend reminder that turning OFF/ON your iPhone is a pretty good way to disrupt a high-end implant iOS implant. Persistence is very very difficult.
6
129
287
WhatsApp engaged NCC Group to conduct an independent security assessment of its End-to-End Encrypted Backups project. The findings (pdf)
3
80
283
Security headlines over the past 2-3 days:
- Two Apple iOS, macOS zero-days
- Adobe PDF Reader 0day exploited
- Cisco ASA 0day exploited in Akira ransomware
- Google patches Chrome 0-da reported by Apple
- Microsoft Patches 2 New Exploited zero-days
Stay blessed.
5
81
270
Orange Tsai (
@orange_8361
) at Black Hat:
"Fun fact - even you found a super critical bug like ProxyLogon, Microsoft will not reward you any bounty because Exchange Server On-Prem is out of scope."
12
62
268
0days everywhere 👀
Cloudflare, Google and AWS on a new zero-day named ‘HTTP/2 Rapid Reset’ being exploited by malicious actors to launch "the largest distributed denial-of-service (DDoS) attacks in internet history"
<- reporting by
@EduardKovacs
4
134
265
Noticeable spike in obvious spam getting through Gmail filters at my end.
28
18
245
Adobe Reader 0day "has been exploited in the wild in limited targeted attacks" (Windows)
6
107
238
Netflix VP of Information Security with tons of good advice for security marketers, including this one I see everywhere:
"Don’t offer me a gift card, gift, or cash in exchange for a meeting. Just no."
5
54
234
Project Zero's publicly stated mission is "make zero-day hard."
Project Zero blog today: "As an industry we’re not making 0-day hard."
11
25
231
Firmware attacks in the wild! 🔥
8
83
230
On the looming browser (Chromium) monoculture, Mozilla isn't mincing words
8
135
219
New Chrome 0day
"Google is aware that an exploit for CVE-2022-2856 exists in the wild."
Story
4
105
227
New: In my 20+ years writing about hackers and tracking advanced threats, I've never seen this volume of in-the-wild zero-day exploitation...
8
90
218
Billions of security patches will be applied today. Shoutout to power of emojis.
8
44
218
New Windows MSHTML exploit in the wild is 62nd confirmed zero-day attack documented so far in 2021.
20 of the 62 are Microsoft's
0
71
199
NEW! DARPA program manager Perri Adams chats about her love for CTF hacking competitions and the hunt for leapfrog security technologies in the AI cyber challenge
<-- episode sponsored by
@binarly_io
9
76
189
Rachel Tobac has done more for MFA adoption than $10 billion worth of big-tech companies combined.
Salute! 🏆
2
52
188
Apple T2 Security Chip enables 'hardware microphone disconnect' implemented in hardware alone
6
85
180
CVE-2021-22555 is a 15-yr-old heap out-of-bounds write vuln in Linux Netfilter. It was used to break the kubernetes pod isolation of the kCTF cluster and won $20K for charity
2
65
183
Once again, get off Twitter and patch your iPhones (emergency patch of exploited 0day)
4
131
176
I asked DEF CON CTF organizer Perri Adams about the make-up of a good capture-the-flag player and for recommendations for someone now getting started
@perribus
7
31
170
Microsoft’s terrible decision to hide info on security bulletins has led to this. A senior Microsoft security guy sharing a script to find the info
If you want a report summarizing today's
#MSRC
security bulletins, here's a script that uses the MSRC Portal API:
9
112
196
4
116
171
New Windows 0day in the wild
"Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library..."
Advisory with pre-patch workarounds here
4
113
168
60% of the 2019 St John’s University graduating class is female. My daughter is one of them. Today is an incredibly happy, proud day. 🙌🏽
13
1
151
Two new fresh iOS/macOS zero-days "actively exploited" in the wild
4
77
150
This is the 3rd Google Chrome in-the-wild 0day seen so far this year
"Google is aware that an exploit for CVE-2023-3079 exists in the wild."
1
50
149
Please try to take care of your mental health. Shit's real.
4
21
142
CVE-2021-26427 - Exchange Server remote code execution vuln 👇
5
37
143
New! A fun conversation with Google Project Zero's Maddie Stone (
@maddiestone
) on 0days, disclosure transparency, memory safety vulns, exploit/samples sharing, and more...
12
36
144
🔥 NEW podcast alert: Costin Raiu digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, the most technically impressive attacks, the 'dark spots' where
6
43
141
Google in 2008: A new approach to browser security: the Chrome Sandbox
Google now: Sandboxing is expensive…Sandboxing doesn’t eliminate vulnerabilities from the code.
I wrote about the death of the sandbox:
9
47
137
HashiCorp has confirmed it is a victim of the Codecov supply chain attack
The GPG private key used to sign hashes to validate product downloads was exposed
3
107
134
This Windows 11 security book from Microsoft is very well done
4
50
136
Apple iOS
#FacePalm
patch is live
Two bug finders credited:
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
1
40
125
🎙 New podcast with Shubs Shah (
@infosec_au
), an Aussie hacker who mastered the bug bounty hacking game and is now rewriting the rules of continuous pre-hack reconnaissance.
Enjoy
0
28
131
🥰 DARPA's Dr Sergey Bratus shows love to hackers!
"If you want to understand how systems work or how to break them, go to DEF CON or read Phrack."
@sergeybratus
@DARPA
5
34
132
NSA's Rob Joyce (
@RGB_Lights
) at Enigma 2016:
"There’s a reason it’s called advanced persistent
threats. Because we’ll poke and we’ll poke and we’ll wait and we’ll wait and we’ll wait, right? We’re looking for that opening and that opportunity, to finish the mission."
3
37
129
Patch Tuesday mayhem:
- Microsoft (incl 0day exploited by Emotet)
- Adobe (60 vulns)
- Apple (iOS/macOS)
- Chrome (0day)
- Log4j disables JNDI by default
0
72
125
Ian Beer: “I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time.”
6
42
127
Another significant software supply chain hack: Codecov Bash Uploader breach went undetected for four months as attackers stole credentials, tokens and keys from orgs around the world
4
80
124
Ukrainian CERT credited with the MS Outlook 0day, suggesting this is gov-level APT activity
"This could lead to exploitation BEFORE the email is viewed in the Preview Pane."
3
50
120
If you believe there's such a thing as "disappearing messages," I dunno what to say ¯\_(ツ)_/¯
13
17
111
Rumors of in-the-wild 0day attacks against iOS Mail has been persistent for weeks.
Zecops drops details
3
82
114
$1.5 million price tag on iOS zero-day. Bug bounties can never compete
12
148
111
This is the 16th documented in-the-wild 0day on Apple devices so far in 2023
5
54
114
With all the zero-day exploit chatter, I'm republishing this 2013 podcast interview with VUPEN/Zerodium CEO Chaouki Bekrar.
I believe it's the only podcast interview
@cBekrar
has granted and I'd glad I'm able to salvage it for the public record:
2
42
110
Ransomware includes:
Modified EternalBlue exploit
A vulnerability in a third-party Ukrainian software product
A second SMB network exploit
4
134
104
This line still freaks me out (from Mandiant's APT1 report):
"The longest time period APT1 maintained
access to a victim’s network was 1,764 days, or four years and ten months."
4
18
105
You can't just say you will not accept the results of the election. This isn't a third world country.
10
56
102
The latest update on the GoTo/LastPass breach is not very good 😢
7
44
103
Chrome 0day (appears linked to NSO Group Pegasus iOS zero-click exploit)
3
40
101
The billionaire chief executive of WhatsApp, Jan Koum, is planning to leave the company after clashing with its parent, Facebook, over the popular messaging service’s strategy and Facebook’s attempts to use its personal data and weaken its encryption
2
128
90
"With iOS 14, Apple shipped a significant refactoring of iMessage processing, and made all four parts of a typical zero-click attack harder..."
1
30
97
Ghidra utilities to assist with PC firmware reverse-engineering (Google Summer of Code project):
1
43
98